
cloud-penetration-testing

Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

53

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Critical

Do not install without reviewing


Quality

Content

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with concrete, executable commands for all three cloud providers and a clean one-level reference to a real bundle file. It loses points on conciseness (length and duplication) and workflow clarity (no explicit validation checkpoints between risky phases).

Suggestions

Add explicit validation/checkpoint steps between phases (e.g. verify caller identity and scope after authentication before enumerating; confirm authorization before persistence actions) to support the destructive and batch operations present.

Trim duplication between the phase walkthroughs, the Quick Reference tables, and Examples to reduce token overhead, and move the more exhaustive scripts into the references file.

Consolidate repeated metadata-service and per-region iteration patterns into a single reusable snippet rather than restating them per provider.

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | It is mostly efficient command/reference lists rather than concept explanations, but the ~510-line body re-explains provider-by-provider commands inline and duplicates much of the Quick Reference and Examples sections, which could be tightened and offloaded to the reference file. | 2 / 3 |
| Actionability | The body is densely packed with concrete, executable commands and copy-paste-ready scripts across all three providers (e.g. 'aws sts get-caller-identity', 'Get-AzVM', the metadata-service curls), with parameterized placeholders for real values. | 3 / 3 |
| Workflow Clarity | Phases 1-11 give a clear sequence, but there are no explicit validation/checkpoint steps between phases despite destructive and batch operations (key creation, persistence, data sync), and the guidance 'use slow, deliberate enumeration' is only implicit feedback. | 2 / 3 |
| Progressive Disclosure | The body is organized into clear sections with a single one-level-deep reference that is real and clearly signaled ([Advanced Cloud Scripts](references/advanced-cloud-scripts.md)), and advanced scripts are appropriately split out rather than nested. | 3 / 3 |
| Total | | 10 / 12 Passed |

Description

52%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description accurately states the domain and intent in third person, but it relies on abstract phrasing and omits an explicit 'Use when' trigger clause, leaving the 'when' only implied. It is distinguishable but not sharply differentiated from generic pentesting skills.

Suggestions

Add an explicit trigger clause, e.g. 'Use when conducting authorized cloud penetration tests, cloud security assessments, or auditing AWS/Azure/GCP infrastructure.'

Replace 'conduct comprehensive security assessments' with concrete actions: enumerate cloud resources, test IAM and authentication, extract secrets, and establish persistence.

Include natural trigger variations users would actually say ('cloud pentesting', 'pentest AWS/Azure/GCP', 'cloud security assessment') to improve trigger-term coverage.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security assessments across Azure, AWS, GCP) and lists several action areas, but 'conduct comprehensive security assessments' is abstract rather than enumerating concrete actions like the score-3 anchor does. | 2 / 3 |
| Completeness | It clearly answers 'what' (security assessments of cloud infrastructure) but has no 'Use when...' or equivalent explicit trigger clause, so the 'when' is only implied; per the judging guidelines this caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Provider names (Azure, AWS, GCP) are natural terms users would say, but it lacks common variations a user would naturally invoke with (e.g. 'cloud pentesting', 'cloud security assessment', 'pentest AWS/Azure/GCP'). | 2 / 3 |
| Distinctiveness Conflict Risk | Tri-provider cloud scope gives it a recognizable niche, but the description could still overlap with generic 'cloud security' or 'pentesting' skills and is not distinctly triggered by a unique phrase. | 2 / 3 |
| Total | | 8 / 12 Passed |

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (512 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 14 / 16 Passed |

Repository
sickn33/antigravity-awesome-skills
Reviewed
